Email tapping by ISPs, forwarder addresses, and crypto proxies

Tyler Durden camera_lumina at
Wed Jul 21 07:20:36 PDT 2004

Yes, but I think it's fairly clear that if one needs to disassemble the 
OC-Ns in the field, you simply need too much gear. It's going to be far 
easier to grab whole swathes of it and ship it back to Montana or wherever 
for it to be sifted through later.

What they probably do, however, is grab specific DS1s/3s locally and switch 
those via CALEA back to optical access points, where all of this stuff is 
pulled together into OC-192s or (very soon) OC-768s. As Variola suggests, 
once you get it back then you can plow through it at your leisure. Got a 
dissident you want to shut down? "Surely he's said SOMETHING over the last 2 
years that you could incriminate him on....find it, dammit!"


>From: Morlock Elloi <morlockelloi at>
>To: cypherpunks at
>Subject: Re: Email tapping by ISPs, forwarder addresses, and crypto  
>Date: Wed, 21 Jul 2004 02:19:20 -0700 (PDT)
> >Let's back up. You've got an OC-48 or OC-192 fiber and you want to grab 
> >of the data in this fiber. Now I'll grant that in real life there's
>A. You don't want all data.
>A nice illustration on ether speeds is obtained by using simple tools like
>putting the NIC in promiscuous mode, using simple reassembler and filter 
>discards everything but smtp/pop text parts. This can be trivially done 
>tcpdump+awk. The percentage of mail texts is usually less than 2-3% of all
>traffic. And it's not even because of porn - it's stupidity of html 
>(humans & software).
>B. Even 'All data' is far less than line speed. Average fiber utilisation 
>under 4% in US. Buffers!
>(of original message)
>Y-a*h*o-o (yes, they scan for this) spam follows:
